What is claimed is:

1. A computer program product for providing end-to-end protection for datagrams in a computer networking environment, the computer program product embodied on one or more computer-readable media and comprising computer-readable program code means for independently securing each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, while each of one or more gateways in the network path retains cleartext access to datagrams sent on the network path.

2. A computer program product for providing end-to-end protection for datagrams in a computer networking environment, the computer program product embodied on one or more computer-readable media and comprising:
    computer-readable program code means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:
        computer-readable program code means for establishing a first protected network segment from the datagram originator to a first gateway in the network path;
        computer-readable program code means for cascading zero or more protected gateway-to-gateway segments from the first gateway to each of zero or more successive gateways in the network path; and
        computer-readable program code means for cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway may be identical to the first gateway if no gateway-to-gateway segments are required,
    wherein the first gateway and each of the zero or more successive gateways retains cleartext access to datagrams sent on the network path.

3. The computer program product according to Claim 2, wherein the computer-readable program code means for establishing and the computer-readable program code means for cascading further comprise computer-readable program code means for establishing security associations which use strong cryptographic techniques.

4. The computer program product according to Claim 3, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

5. The computer program product according to Claim 2, wherein the computer-readable program code means for cascading further comprises computer-readable program code means for using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the protected final network segment.

6. The computer program product according to Claim 5, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

7. The computer program product according to Claim 6, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

8. The computer program product according to Claim 4, wherein the datagram originator and the gateways that perform the computer-readable program code means for cascading each act in an IKE initiator role.

9. The computer program product according to Claim 2, wherein the datagram originator and the gateways that perform the computer-readable program code means for cascading each act as in an initiator role for a protocol known as Internet Key Exchange.

10. The computer program product according to Claim 5 or Claim 6, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

11. The computer program product according to Claim 2, wherein any of the gateways may perform services on the cleartext datagram.

12. The computer program product according to Claim 2, wherein operation of the computer-readable program code means for cascading may be selectively enabled for any particular network path.

13. The computer program product according to Claim 12, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded tunnels when the computer-readable program code means for cascading is disabled.

14. The computer program product according to Claim 5, wherein the identifying information may be altered by zero or more of the gateways.
15. A system for providing end-to-end protection for datagrams in a computer networking environment, the system comprising means for independently securing each of a plurality of network segments that comprise a network path from a first computer to a second computer, wherein a datagram originator at the first computer sends at least one datagram to a datagram destination at the second computer, while each of one or more gateways in the network path retains cleartext access to datagrams sent on the network path.

16. A system for providing end-to-end protection for datagrams in a computer networking environment, comprising:
    means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:
        means for establishing a first protected network segment from the datagram originator to a first gateway in the network path;
        means for cascading zero or more protected gateway-to-gateway segments from the first gateway to each of zero or more successive gateways in the network path; and
        means for cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway may be identical to the first gateway if no gateway-to-gateway segments are required,
    wherein the first gateway and each of the zero or more successive gateways retains cleartext access to datagrams sent on the network path.

17. The system according to Claim 16, wherein the means for establishing and the means for cascading further comprise means for establishing security associations which use strong cryptographic techniques.

18. The system according to Claim 17, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

19. The system according to Claim 16, wherein the means for cascading further comprises means for using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the protected final network segment.

20. The system according to Claim 19, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

21. The system according to Claim 20, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

22. The system according to Claim 18, wherein the datagram originator and the gateways that perform the means for cascading each act in an IKE initiator role.

23. The system according to Claim 16, wherein the datagram originator and the gateways that perform the means for cascading each act as in an initiator role for a protocol known as Internet Key Exchange.

24. The system according to Claim 19 or Claim 20, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

25. The system according to Claim 16, wherein any of the gateways may perform services on the cleartext datagram.

26. The system according to Claim 16, wherein operation of the means for cascading may be selectively enabled for any particular network path.

27. The system according to Claim 26, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded tunnels when the means for cascading is disabled.

28. The system according to Claim 19, wherein the identifying information may be altered by zero or more of the gateways.
29. A method of providing end-to-end protection for datagrams in a computer networking environment, by independently securing each of a plurality of network segments that comprise a network path from a first computer to a second computer, wherein a datagram originator at the first computer sends at least one datagram to a datagram destination at the second computer, while each of one or more gateways in the network path retains cleartext access to datagrams sent on the network path.

30. A method of providing end-to-end protection for datagrams in a computer networking environment, comprising steps of:
    protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising steps of:
        establishing a first protected network segment from the datagram originator to a first gateway in the network path;
        cascading zero or more protected gateway-to-gateway segments from the first gateway to each of zero or more successive gateways in the network path; and
        cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway may be identical to the first gateway if no gateway-to-gateway segments are required,
    wherein the first gateway and each of the zero or more successive gateways retains cleartext access to datagrams sent on the network path.

31. The method according to Claim 30, wherein the establishing step and the cascading step further comprise the step of establishing security associations which use strong cryptographic techniques.

32. The method according to Claim 31, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

33. The method according to Claim 30, wherein the cascading step further comprises the step of using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the protected final network segment.

34. The method according to Claim 33, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

35. The method according to Claim 34, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

36. The method according to Claim 32, wherein the datagram originator and the gateways that perform the cascading step each act in an IKE initiator role.

37. The method according to Claim 30, wherein the datagram originator and the gateways that perform the cascading step each act as in an initiator role for a protocol known as Internet Key Exchange.

38. The method according to Claim 33 or Claim 34, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

39. The method according to Claim 30, wherein any of the gateways may perform services on the cleartext datagram.

40. The method according to Claim 30, wherein operation of the cascading step may be selectively enabled for any particular network path.

41. The method according to Claim 40, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded tunnels when the cascading step is disabled.

42. The method according to Claim 33, wherein the identifying information may be altered by zero or more of the gateways.
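The cascade that the three claim groups describe (Claims 2, 16 and 30), the copying of identifying information from a gateway's inbound side to its outbound side (Claims 5 to 7, 10, 19 to 21, 24, 33 to 35, 38), gateway services performed on the cleartext (Claims 11, 25, 39) and the cascading-enabled flag (Claims 13, 27, 41), as an added simulation that is not part of the patent and is not code from its applicant. IKE is not run here: each segment's key is drawn at random as a stand-in for what IKE would negotiate, and an HMAC-SHA256 counter-mode construction stands in for the IPsec protection of each segment. The names Selector, SecurityAssociation, Gateway, build_path, send and demo, and the addresses, protocol number and port in demo, are all constructed for this example.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Selector:
    """Identifying information of a segment: originator and destination
    addresses plus protocol identification and port (as in Claims 5 to 7)."""
    src: str
    dst: str
    proto: int
    port: int


@dataclass
class SecurityAssociation:
    """One protected segment.  The key stands in for what IKE would negotiate;
    this simulation draws it at random instead of running IKE."""
    selector: Selector
    key: bytes = field(default_factory=lambda: os.urandom(32))
    seq: int = 0


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher standing in for IPsec."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def protect(sa: SecurityAssociation, cleartext: bytes) -> bytes:
    """Encrypt-then-MAC one datagram under the segment's SA: seq || body || tag."""
    sa.seq += 1
    header = struct.pack(">Q", sa.seq)
    body = bytes(a ^ b for a, b in zip(cleartext, _keystream(sa.key, sa.seq, len(cleartext))))
    tag = hmac.new(sa.key, header + body, hashlib.sha256).digest()
    return header + body + tag


def unprotect(sa: SecurityAssociation, datagram: bytes) -> bytes:
    """Verify the tag, then decrypt; a modified datagram raises ValueError."""
    header, body, tag = datagram[:8], datagram[8:-32], datagram[-32:]
    expected = hmac.new(sa.key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed on protected segment")
    (seq,) = struct.unpack(">Q", header)
    return bytes(a ^ b for a, b in zip(body, _keystream(sa.key, seq, len(body))))


@dataclass
class Gateway:
    name: str
    services: List[Callable[[bytes], bytes]] = field(default_factory=list)
    inbound: Optional[SecurityAssociation] = None
    outbound: Optional[SecurityAssociation] = None
    seen_cleartext: List[bytes] = field(default_factory=list)

    def forward(self, datagram: bytes) -> bytes:
        """Terminate the inbound segment, act on the cleartext (Claim 11),
        then re-protect on the outbound segment if one was cascaded."""
        cleartext = unprotect(self.inbound, datagram) if self.inbound else datagram
        self.seen_cleartext.append(cleartext)       # the gateway retains cleartext access
        for service in self.services:
            cleartext = service(cleartext)
        return protect(self.outbound, cleartext) if self.outbound else cleartext


def build_path(gateways: List[Gateway], selector: Selector,
               cascading_enabled: bool = True) -> List[SecurityAssociation]:
    """Establish the first segment and, when the cascading-enabled flag is set, the
    gateway-to-gateway and last segments, each gateway copying the identifying
    information of its inbound SA to its outbound SA (Claim 10)."""
    first = SecurityAssociation(selector)
    gateways[0].inbound = first
    sas = [first]
    if not cascading_enabled:
        return sas            # Claim 13: beyond the first gateway nothing is tunnelled
    for hop, nxt in zip(gateways, gateways[1:] + [None]):
        hop.outbound = SecurityAssociation(hop.inbound.selector)   # inbound -> outbound copy
        sas.append(hop.outbound)
        if nxt is not None:
            nxt.inbound = hop.outbound
    return sas


def send(sas: List[SecurityAssociation], gateways: List[Gateway], payload: bytes) -> bytes:
    """Originator protects on the first segment, every gateway forwards, and the
    destination terminates the last segment when one was cascaded."""
    datagram = protect(sas[0], payload)
    for gw in gateways:
        datagram = gw.forward(datagram)
    return unprotect(sas[-1], datagram) if len(sas) > 1 else datagram


def demo(cascading_enabled: bool = True):
    """Two gateways on the path; gw-a runs a service that rewrites the cleartext.
    Addresses, protocol and port are constructed sample values."""
    selector = Selector("10.0.0.1", "10.0.9.9", proto=6, port=443)
    gws = [Gateway("gw-a", services=[lambda c: c.upper()]), Gateway("gw-b")]
    sas = build_path(gws, selector, cascading_enabled)
    received = send(sas, gws, b"hello over cascaded tunnels")
    return sas, gws, received
```

Running demo() with two gateways yields three security associations that share one selector but hold three independent keys, and each gateway's seen_cleartext list holds the datagram as it existed between the inbound and outbound segments. That list is the point of the design and also its cost: every gateway is a place where the datagram exists unencrypted, so each one must be trusted and hardened as a termination point, and a tampered datagram is rejected only at the next SA endpoint, not end to end. With cascading_enabled=False, only the first segment is protected and the remaining path carries the datagram in the clear, which is the behaviour Claims 13, 27 and 41 describe.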